Virtual healthcare communities aim to bring together healthcare professionals and patients in order to further improve the quality of healthcare services and assist healthcare professionals and researchers in their everyday activities. Patient monitoring and medical consultation – the two most popular activities inside virtual healthcare communities – require members’ collaboration in a secure and reliable environment. In this environment, patients share their medical data with doctors, expect confidentiality, and demand reliable medical consultation. Apart from a concrete policy framework, several ethical, legal, and technical issues must be considered in order to build a trustworthy community. This work presents the architecture of a virtual healthcare community portal, with emphasis on the security issues that arise when attempting to manage risk inside such a community. Following a standardized risk assessment process, which identifies, estimates, and evaluates all potential security risks for the community, a security model is developed, and the community architecture is designed. Finally, a set of usage scenarios, with reference to real events, is employed in order to uncover security risks and illustrate the solutions provided by the proposed architecture.
- A Security Model for Virtual Healthcare Communities
- Springer New York
- Chapter 5